Skip to Content
avatar image
Former Member

How to Consume On-premise OData Service via Cloud Connector from HCP with Principal Propagation

Hi Experts,

I have the arch scenario as below:

1.Deploy Java App on Hana Cloud Platform,runtime is Java Tomcat 7, then configure Destination to on-premise OData service.

2.Configure Access control in Cloud Connector to expose the resource.

3.Access Java app to access backend system and retrieve data.

But I encounter some issue on the destination service.

----Case 1:

configure destination as Basic Authentication.

then when I build HTTP request to backend service, I add following codes:

String credentials = destConfiguration.getProperty("User") + ":" + destConfiguration.getProperty("Password");

String cred_encode = Base64.encodeBase64String(credentials.getBytes()); connection.setRequestProperty("Authorization", "Basic " + cred_encode);

In a word, need to fill Authorization field as "Basic 6HIJ3i8er" into HTTP header, then I can make a successful aceess to backend resource.

----Case 2:

However, now I want to configure destination as Principal Propagation.

Then when I build HTTP request , what content should I fill into HTTP request header? If I did nothing, there is error shown as "#ERROR#com.sap.core.connectivity.protocol.http.handlers.HttpAuthenticationHandler#tunnelclient-4-1#0x7a6fa57f#Unable to generate authorization token".

Thanks in advance for your help.

Alex.

capture.jpg (31.0 kB)
capture.jpg (29.5 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Oct 26, 2017 at 12:14 PM

    Hi Alex,

    did you find a solution? I have the same issue right know, I'm wondering what to put into the HTTP request header. I'm getting a http 401 response (Unauthorized) which makes sense if I leave it blank. I'm working with DestinationConfiguration within a Tomcat 8 runtime.

    My Cloud Connector should create a X.509 user Certificate. Am I supposed to use the AuthenticationHeaderProvider and put my SAML2.0 session into the authorization field? It doesn't seem to work that way.

    Kai

    Add comment
    10|10000 characters needed characters exceeded